Setting up Ping Identity (Cloud) and SAML 2.0 with Kazoo

Requirements

To use Ping Identity to log in to Kazoo, you will need the following components:

  • A Kazoo subdomain
  • PING Identity Single Sign-On Cloud Service enabled
  • Your PING Identity SSO subject matter expert for troubleshooting

Important Note: If users will be accessing mobile app, please ensure that configuration allows access to SSO connections outside of the company’s network.

PingFederate instructions can be found here: PingFederate Service Provider setup

There are currently 3 ways to set up an application within PING Identity for SSO.

  1. Add from PING’s Application Catalog
  2. Add an application using it’s SSO URL
  3. Add and configure a new SAML application from scratch

Setup Steps

  • Login to PING Identity administration

  • Determine if YouEarnedIt is currently in the PING Application Catalog.

    • If not, please jump down to “Add and configure a new SAML application” instructions
    • If yes, follow these instructions:
      1. Go to Applications → Application Catalog.
      2. In the Search field, search for your app by typing the name, entity ID, or description of the application you want to add. The application listing will display the type of the application.
      3. When you find the application you want, click Details. The application description is displayed.
      4. Click Setup to begin. The SSO Instructions page for the application is displayed.
      5. Follow the instructions to configure SSO for the application. Click Continue to Next Step.
      6. Configure your connection to the application per the application instructions. Click Continue to Next Step.
      7. Modify or add any attribute mappings as necessary for the application. In most cases, the default attribute mappings are sufficient. These mappings assign your identity bridge attributes to the attributes provided by the Service Provider for the application. For each application attribute, you can:
        • Click the Required checkbox to designate an attribute or attributes as required by the application.
        • Click in an entry box and select an identity bridge attribute from a drop-down list.
        • Click in an entry box and enter an identity bridge attribute.
        • Click the As Literal checkbox and in the entry box, enter a literal value to assign.
        • Click Advanced and enter Advanced Attribute Mapping mode. See Create advanced attribute mappings for instructions.
        • Click Add new attribute to enter any additional attributes required by the application. You then have all of the choices above when configuring the attribute.
      8. When you have finished modifying or adding any additional attributes, click Save & Publish.
        • The summary information for the application configuration is then displayed on a new page.
      9. Make the new application available to your users.

Add an application using its SSO URL

  1. Click the Applications tab, select Add Application and click New SAML Application.
  2. Enter the application details. Application Name and Application Description are required fields. For logos and icons, PNG is the only accepted graphics format.
  3. Click Continue to Next Step. The Application Configuration page is displayed.
  4. Click I have the SSO URL and enter the URL to use for SSO to the application. The URL should be available from the SP. We encode this URL, so don’t encode it yourself (for example, by using “&” rather than “&”).
If you're using Google as your identity bridge and adding a Google application, enter the URL for the application using this format:
  `https://<application>.google.com/a/<GoogleAppsDomainName>`
  Where `application` is the name of one of the Google applications, and `GoogleAppsDomainName` is the domain name assigned to your Google account.
  1. Confirm that the SSO URL is correct. You can use the Single Sign-On link to test the URL. The application connection is established, and available on your PingOne dock. Click Finish to complete the application setup. The new application is added to your My Applications list.
  2. Make the new application available to your users. * See PING Identity’s Authorize group access to applications for instructions.

Add and configure a new SAML application from scratch

If Kazoo is not currently in the Application Catalog, please follow the instructions below:

  1. Go to Applications → Application Catalog.
  2. In the Search field, search for your app by typing the name, entity ID, or description of the application you want to add. The application listing will display the type of the application.
  3. When you find the application you want, click Details. The application description is displayed.
  4. Click Setup to begin. The SSO Instructions page for the application is displayed.
  5. Follow the instructions to configure SSO for the application. Click Continue to Next Step.
  6. Configure your connection to the application per the application instructions. Click Continue to Next Step.
  7. Modify or add any attribute mappings as necessary for the application. In most cases, the default attribute mappings are sufficient. These mappings assign your identity bridge attributes to the attributes provided by the Service Provider for the application. For each application attribute, you can:
    • Click the Required checkbox to designate an attribute or attributes as required by the application.
    • Click in an entry box and select an identity bridge attribute from a drop-down list.
    • Click in an entry box and enter an identity bridge attribute.
    • Click the As Literal checkbox and in the entry box, enter a literal value to assign.
    • Click Advanced and enter Advanced Attribute Mapping mode. See Create advanced attribute mappings for instructions.
    • Click Add new attribute to enter any additional attributes required by the application. You then have all of the choices above when configuring the attribute.
    • When you have finished modifying or adding any additional attributes, click Save & Publish. The summary information for the application configuration is then displayed on a new page.
  8. Make the new application available to your users.